Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2012-09-15 CVE-2012-4001 Improper Input Validation vulnerability in Google MOD Pagespeed
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.
network
low complexity
google apache CWE-20
5.0
2012-09-13 CVE-2012-4909 Information Exposure vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application.
network
google CWE-200
4.3
2012-09-13 CVE-2012-4908 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink.
network
low complexity
google CWE-264
7.5
2012-09-13 CVE-2012-4907 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.
network
google CWE-264
critical
9.3
2012-09-13 CVE-2012-4906 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903.
network
low complexity
google CWE-264
5.0
2012-09-13 CVE-2012-4905 Cross-Site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)."
network
google CWE-79
4.3
2012-09-13 CVE-2012-4904 Cross-Site Scripting vulnerability in Google Chrome
Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab.
network
google CWE-79
4.3
2012-09-13 CVE-2012-4903 Permissions, Privileges, and Access Controls vulnerability in Google Chrome
Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906.
network
low complexity
google CWE-264
5.0
2012-08-31 CVE-2012-4171 Remote Denial of Service vulnerability in Adobe Flash Player and AIR
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs.
network
low complexity
adobe google linux apple microsoft
5.0
2012-08-29 CVE-2012-3979 Remote Code Execution vulnerability in Mozilla Firefox
Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function.
network
mozilla google
6.8